Index: outgoing.c
===================================================================
--- outgoing.c	(revision 1627)
+++ outgoing.c	(working copy)
@@ -945,10 +945,12 @@ static apr_status_t read_from_connection(serf_conn
          * 2) Doing the initial SSL handshake - we'll get EAGAIN
          *    as the SSL buckets will hide the handshake from us
          *    but not return any data.
+         * 3) When the server sends us an SSL alert.
          *
          * In these cases, we should not receive any actual user data.
          *
-         * If we see an EOF (due to an expired timeout), we'll reset the
+         * If we see an EOF (due to either an expired timeout or the serer
+         * sending the SSL 'close notify' shutdown alert), we'll reset the
          * connection and open a new one.
          */
         if (request->req_bkt || !request->written) {
Index: buckets/ssl_buckets.c
===================================================================
--- buckets/ssl_buckets.c	(revision 1627)
+++ buckets/ssl_buckets.c	(working copy)
@@ -626,7 +626,15 @@ static apr_status_t ssl_decrypt(void *baton, apr_s
                 break;
             }
         }
-        else {
+        else if (ssl_len == 0 && status == 0) {
+                 /* The server shut down the connection. */
+                 *len = 0;
+#ifdef SSL_VERBOSE
+                 printf("ssl_decrypt: SSL read error: server shut down"\
+                        "connection!\n");
+#endif
+                status = APR_EOF;
+        } else {
             *len = ssl_len;
 #ifdef SSL_VERBOSE
             printf("---\n%.*s\n-(%d)-\n", *len, buf, *len);